httpd-users mailing list archives

From William Paredes <bill.pare...@einstein.yu.edu>
Subject RE: [users@httpd] Apache 2.4 fails to call LDAP auth modules [solved]
Date Thu, 22 Aug 2013 19:36:12 GMT
From: Igor Cicimov [icicimov@gmail.com]
Sent: Saturday, August 17, 2013 9:14 AM
To: users
Subject: Re: [users@httpd] Apache 2.4 fails to call LDAP auth modules


On 16/08/2013 3:10 AM, "William Paredes" <bill.paredes@einstein.yu.edu> wrote:
>
> Greetings!
> It's been a few days that I'm struggling with this one:
>
> I don't get the authentication dialog window prompting for a user name & password when I enter an LDAP protected realm:
>
> <Directory /Library/Webserver/Documents/ldapProtected>
>   AuthType Basic
>   AuthBasicProvider ldap
>   AuthName "Testing LDAP"
>   AuthLDAPBindDN "CN=cn_name,OU=ou_account,DC=ad,DC=uds,DC=yu,DC=edu"
>   AuthLDAPBindPassword "pwrd"
>   AuthLDAPURL "ldap://ldap.address:389/DC=ad,DC=uds,DC=yu,DC=edu"
>   Require ldap-user jones
> </Directory>
>
> However, I do get the authentication dialog with a user file:
>
>  <Directory "/Library/WebServer/Documents/fileProtected">
>     AuthType Basic
>     AuthName "New Test Auth Required"
>     AuthUserFile "/etc/htpasswd/.htpasswd"
>     Require valid-user
>     Options Indexes FollowSymLinks MultiViews
>     AllowOverride AuthConfig
>     Order allow,deny
>     Allow from all
>   </Directory>
>
> When I navigate to the LDAP protected directory I get into the directory without the authentication dialog.
> When I navigate to the file protected directory I'm challenged with the authentication window.
>
> I built the following with the usual ./configure, make, sudo make install [no errors]:
>
> [apr 1.4.8]  ./configure --prefix=/usr/local/apr
>
> [apr-util 1.5.2]  ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --with-ldap  --with-mysql=/usr/local/mysql  --with-ldap-lib=/usr/local/openldap/lib --with-ldap-include=/usr/local/openldap/include/
>
> [apache 2.4.6]  ./configure --enable-layout=MacMini --enable-modules=most --with-ssl=/usr --with-mpm-prefork --enable-ssl --enable-so --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-authnz-ldap --enable-ldap --with-ldap
>
> I've set the apache LogLevel to debug and LDAPLibraryDebug to 7 but they have not revealed anything useful other than the following when I access the LDAP realms without being challenged:
>
> mod_authz_core.c(802): [client 129.98.101.122:51668] AH01626: authorization result of Require all granted: granted
>
> [Tue Aug 13 18:22:55.544690 2013] [authz_core:debug] [pid 60859:tid 4447301632] mod_authz_core.c(802): [client 129.98.101.122:51668] AH01626: authorization result of <RequireAny>: granted
>
>
> So how would I begin to troubleshoot this puzzle?
> [OS X 10.8.4; 2.7GHz Intel Core i7; 16GB; mac mini desktop]
>

Start by confirming your ldap account is working outside apache using ldapsearch or ldapbind,
let's say. Have you done that? Have you confirmed the ldap connection works at all?

> Thanks,
> -bill


Thanks for the tip. I solved the problem by using Apache Directory Studio, which indicated
that I was using a bad AuthLDAPBindDN.

Regards,
-bill
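
The check suggested in this thread (test the bind account outside Apache with ldapsearch), as an added example that is not part of the original messages: the hypothetical helper `ldap_check_cmd` reads the `AuthLDAPBindDN` and `AuthLDAPURL` directives from httpd configuration text and prints the matching OpenLDAP `ldapsearch` command. It assumes a single-host `AuthLDAPURL` and only prints the command, it does not contact any server.

```shell
#!/bin/sh
# Added example: turn mod_authnz_ldap directives into an ldapsearch bind test.
# Reads httpd config text on stdin and prints the command; it runs nothing itself.
ldap_check_cmd() {
    awk '
        # Take a quoted value up to its closing quote, else the first word.
        function value(s) {
            if (s ~ /^"/) { sub(/^"/, "", s); sub(/".*$/, "", s) }
            else sub(/[ \t].*$/, "", s)
            return s
        }
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # drop indentation
            key = tolower($1)                   # directive names are case-insensitive
            sub(/^[^ \t]+[ \t]+/, "", line)     # what remains is the argument list
        }
        key == "authldapbinddn" { binddn = value(line) }
        key == "authldapurl"    { url = value(line) }
        END {
            if (binddn == "" || !match(url, "^ldaps?://[^/]*")) {
                print "need AuthLDAPBindDN and an ldap:// or ldaps:// AuthLDAPURL" > "/dev/stderr"
                exit 1
            }
            uri = substr(url, 1, RLENGTH)       # scheme://host:port
            split(substr(url, RLENGTH + 2), part, "[?]")
            base = part[1]                      # search base, before ?attr?scope?filter
            # -x: simple bind; -W: prompt for the password so it stays out of
            # shell history; -s base dn: read only the base entry after binding.
            printf "ldapsearch -x -H \047%s\047 -D \047%s\047 -W -b \047%s\047 -s base dn\n", uri, binddn, base
        }
    '
}

# Directives copied from the post above (bind password left out on purpose).
ldap_check_cmd <<'EOF'
<Directory /Library/Webserver/Documents/ldapProtected>
  AuthLDAPBindDN "CN=cn_name,OU=ou_account,DC=ad,DC=uds,DC=yu,DC=edu"
  AuthLDAPURL "ldap://ldap.address:389/DC=ad,DC=uds,DC=yu,DC=edu"
</Directory>
EOF
```

When the printed command is run, a wrong bind DN or password makes it fail with `ldap_bind: Invalid credentials (49)` before any search is attempted.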

